Firewall Wizards mailing list archives
RE: Blocking MSN (and any other service for that matter)
From: Chuck Vose <vosechu () roman-fleuve com>
Date: Fri, 23 Apr 2004 18:56:14 -0700
On Fri, 2004-04-23 at 05:53, MHawkins () TULLIB COM wrote:
So what if someone has a changeable MAC NIC? Step 1: Break through physical access and get yourself a Ethernet port to connect to.
Lets imagine something a little less far fetched. Wireless access point with spoof-able MAC, hooked onto the back of your computer so that you can use remote desktop because the admins refuse to let you do it through the firewall.
Step 2: Attempt to connect. Ethernet port shuts down almost as soon as you connected.
Sure why not. Any brands come to mind that shut off a port when the link is broken? I'm intrigued.
Step 3: Since you are very technically competent you recognize the possibility that MAC level security is in place.
Ok, but I said "could cause lots of problems" not will obviously invalidate this method. MAC level security could make this situation very possible, but is it more work than some of the alternatives?
Step 4: You conclude it will be far easier to steal time at a host that is already within the network rather than attempt to guess a valid MAC address.
When 70% of attacks are from insiders, why would I (being a disgruntled employee) need to guess at all. Let's just run ipconfig and figure it out. You seem to be on the defensive about this, have I said something to make you think I'm attacking the idea of mac based VLANing? _______________________________________________ firewall-wizards mailing list firewall-wizards () honor icsalabs com http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- Blocking MSN (and any other service for that matter) Jean Paul López (Apr 22)
- Re: Blocking MSN (and any other service for that matter) Chuck Vose (Apr 22)
- Re: Blocking MSN (and any other service for that matter) Carric Dooley (Apr 23)
- Re: Blocking MSN (and any other service for that matter) Chuck Vose (Apr 23)
- Re: Blocking MSN (and any other service for that matter) Paul D. Robertson (Apr 23)
- Re: Blocking MSN (and any other service for that matter) Carric Dooley (Apr 23)
- Re: Blocking MSN (and any other service for that matter) Jean Paul López (Apr 23)
- Re: Blocking MSN (and any other service for that matter) Chuck Vose (Apr 22)
- <Possible follow-ups>
- RE: Blocking MSN (and any other service for that matter) MHawkins (Apr 23)
- RE: Blocking MSN (and any other service for that matter) Chuck Vose (Apr 24)